This kind of thing is bound to have happened, so let's all get past that.
What I'm looking for is FULL transparency from SolarWinds to let us know more details.
I was told this morning that HF1 does not fix the problem; it merely "...makes it more difficult to exploit the vulnerability". So my question is, short of turning off our SolarWinds environment, what else can we be doing?
I know SolarWinds is working feverishly on HF2 to fix the problem, but what kind of testing will they be doing? What criteria are they using to measure the validity and stability of the new HF2? What will they be looking for to show success that the exploit is fixed?
What is SolarWinds doing to secure their own environment and supply chain to prevent this type of thing in the future?
Come on, SolarWinds, this is the time to step up, own the problem, and fully disclose everything you know. Don't hide info to protect yourselves, leaving all of our networks vulnerable.
UPDATE
Wow! solarwinds123.... REALLY?! THIS is the level of security you use to protect your infrastructure? And you've known about it for quite some time. Shame on you SolarWinds for endangering all of our networks and our Government.
https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8
https://www.techdirt.com/articles/20201215/13203045893/security-researcher-reveals-solarwinds-update-server-was-secured-with-password-solarwinds123.shtml
Not only did you know, but you cashed out before the news hit. Just wow.
https://rivertonroll.com/news/2020/12/12/solarwinds-co-nyseswi-director-sells-45693711-31-in-stock.html